Open recursors are a problem. They can be used by attackers to amplify a packet stream to a victim. As such you should only be running a recursor on your internal network and an authoritative server on your interfaces facing the big, bad Internet.
You can run BIND9 with a split view (also called ‘split brain’), or use my setup: a NSD serving the outside world, and using BIND9 as recursor for your internal network.